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DETAILED ACTION 
Response to Amendment 

Applicant's arguments/amendments with respect to pending claims 1-8 filed 1/6/2009 
have been fully considered but they are not persuasive. Arguments/amendments with regards to 

newly presented claims 9-11 have been fiiUy considered but are moot in view of new grounds 
rejection. The Examiner would like to point out that this action is made final (See MPEP 
706.07a). 

Response to Arguments 
Applicants contend that Funabe et al. and Droge fail to teach/suggest "bridge means in a 
data link layer for allowing data, which has been received with one of a plurality of ports and 
then on which the encrypting or decrypting process has been performed, to be outputted as it is 
from another port without any routing process at a network layer being performed (emphasis 
added)." Droge teaches that data may be encrypted at a data link layer of a first computer and 
then transmitted by a transmission mechanism to a first interface device (col. 6, lines 62-65). 
Based on the previous citation, the bridge means in a data link layer allows data to be received 
with one of a plurality of ports and outputs it from another port after encrypting/decrj^ting 
processing has been performed. Furthermore, the previous citation also suggests that this step 
did not require and routing process at a network layer to be performed when the bridge means is 
being used to transmit the data. According to Droge, in col. 6, lines 65-67, the data is packetized 
at the first interface device which is also where the routing occurs, these steps being after the 
bridge means has been utilized to transmit the data. Thus, the combination of Funabe et al. and 
Droge teach/suggest bridge means in a data link layer for allowing data, which has been received 
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with one of a plurality of ports and then on which the encrypting or decrypting process has been 
performed, to be outputted as it is from another port without any routing process at a network 
layer being performed. 

Due to the reasons stated above, the Examiner maintains rejections with respect to the 
pending claims. The prior arts of records taken singly and/or in combination teach the limitations 
that the Applicant suggests distinguish from the prior art. Therefore, it is the Examiner's 
conclusion that the pending claims are not patentably distinct or non-obvious over the prior art of 
record as presented. 

Claim Rejections - 35 USC § 103 

I. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

II. Claims 1-8 are rejected under 35 U.S.C. 103(a) as being unpatentable over Funabe et al., 
US Patent No. 6,016,350, and further in view of Droge, US Patent No. 7,076,651. 

As per claim 1 : 

Funabe et al. substantially teach an encryption apparatus, comprising: a plurality of ports 
to at least one of which a terminal having an encrypting capability can be directly or indirectly 
connected (col. 6, lines 38-44); and enciyption/decryption means for performing an encrj^ting 
process and a decrypting process on data to terminate encryption-based security between the 
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terminal having the encrypting capability and/or the non-encrjrpting capability (col. 6, lines 57- 
61 and col. 11, lines 14-35). 

Not explicitly disclosed is a bridge means in a data link layer for allowing data, which 
has been received with one of the plurality of ports and then on which the encrypting or 
decrypting process has been performed, to be outputted as it is from another port without any 
routing process at a network layer being performed. However, Droge teaches that the data link 
layer may be used to perform encryption/decryption processes as well as outputting the data to 
the modem line which transmits the data, without routing, to a first interface (col. 6, lines 62-65). 
Therefore, it would have been obvious to a person in the art at the time the invention was made 
to modify the method disclosed in Funabe et al. to have the bridge means in the data link layer to 
output the data from another port, i.e. the modem, once the data link layer has performed the 
encryption/decryption. This modification would have been obvious because a person having 
ordinary skill in the art, at the time the invention was made, would have been motivated to do so 
since Droge suggests that using the data link layer to harbor the bridge means allows for various 
mechanisms to be used, one of which is IPSEC, in col. 7, lines 1-14. 
As per claim 2: 

Funabe et al. and Droge substantially teach the encryption apparatus according to claim 
1 . Furthermore, Funabe et al. teach wherein the encryption/decryption means performs the 
encrypting process and the decrypting process on data, so that the encryption apparatus receives 
and retransmits data in the form of encrypted data from and to the terminal having the encrypting 
capability, and the encryption apparatus receives and retransmits the data in the form of non- 
encrj^ted data from and to the terminal having no encrypting capability (col. 6, lines 29-61 and 
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col. 7, lines 4-30). 
As per claim 3: 

Funabe et al. substantially teach an encryption apparatus, comprising: a plurality of ports 
to at least one of which a terminal having an encrypting capability can be directly or indirectly 
connected (col. 6, lines 38-44); encryption/decryption means for performing an encrypting 
process or a decrypting process on data which has been received with one of the plurality of 
ports and then has passed through a physical layer and a data link layer (col. 6, lines 57-61 and 
col. 11, lines 14-35). 

Not explicitly disclosed is a bridge means in the data link layer for passing the encrjqjted 
or decrypted data to the data link layer and the physical layer without passing said data to a 
network layer in which routing between networks is controlled, and then sending said data to 
another port so as to be outputted from said port. However, Droge teaches that the data link layer 
may be used to perform encryption/decryption processes as well as outputting the data to the 
modem line which transmits the data, without routing, to a first interface (col. 6, lines 31-37 and 
lines 62-65). Therefore, it would have been obvious to a person in the art at the time the 
invention was made to modify the method disclosed in Funabe et al. to have the bridge means in 
the data link layer to output the data from another port, i.e. the modem, once the data link layer 
has performed the encryption/decryption. This modification would have been obvious because a 
person having ordinary skill in the art, at the time the invention was made, would have been 
motivated to do so since Droge suggests that using the data link layer to harbor the bridge means 
allows for various mechanisms to be used, one of which is IPSEC, in col. 7, lines 1-14. 
As per claim 4: 
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Funabe et al. and Droge substantially teach the encryption apparatus according to claim 
3. Funabe et al. teach the apparatus fiirther comprising setting information storage means for 
storing setting information for controlling the encrypting process and the decrypting process, 
wherein the encryption/decryption means controls the encrypting process and the decrypting 
process by comparing the setting information stored in the setting information storage means 
with header information of a data packet of the data received with one of the plurality of ports 
(col. 5, lines 9-25). 
As per claim 5: 

Funabe et al. substantially teach an encrypting method for performing an encrypting 
process and a decrypting process using an encryption apparatus, the apparatus having a plurality 
of ports to at least one of which a terminal having an encrypting capability can be directly or 
indirectly connected (col. 6, lines 38-44), the method comprising the steps of: performing the 
encrypting or decrypting process on data which has been received with one of the plurality of 
ports and then has passed through a data link layer and a physical layer (col. 6, lines 57-61 and 
col. 11, lines 14-35). 

Not explicitly disclosed is outputting the encrypted or decrypted data from another port 
through the physical layer and a bridge means in the data link layer, without passing said data to 
a network layer in which routing between networks is controlled. However, Droge teaches that 
the data link layer may be used to perform encryption/decryption processes as well as outputting 
the data to the modem line which transmits the data, without routing, to a first interface (col. 6, 
lines 3 1-37 and lines 62-65). Therefore, it would have been obvious to a person in the art at the 
time the invention was made to modify the method disclosed in Funabe et al. to have the bridge 
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means in the data link layer to output the data from another port, i.e. the modem, once the data 
link layer has performed the encryption/decryption. This modification would have been obvious 
because a person having ordinary skill in the art, at the time the invention was made, would have 
been motivated to do so since Droge suggests that using the data link layer to harbor the bridge 
means allows for various mechanisms to be used, one of which is IPSEC, in col. 7, lines 1-14. 
As per claim 6: 

Funabe et al. and Droge substantially teach the encryption system, comprising: an 
encryption apparatus according to claim 1. Furthermore, Droge teaches a terminal having an 
encrypting capability which can be connected to the encryption apparatus through a wireless or 
cable network (col. 4, lines 34-36). 
As per claim 7: 

Funabe et al. and Droge substantially teach the encryption system, comprising: a terminal 
having an encr5q)ting capability; a terminal having no encrypting capability; and an encryption 
apparatus according to claim 2. Fiirthermore, Funabe et al. teach the system which can be 
connected between the terminal having the encrypting capability and the terminal having no 
encrj^ting capability through a wireless or cable network (col. 6, lines 38-61). 
As per claim 8: 

Funabe et al. and Droge substantially teach the encryption apparatus according to claim 
2. Furthermore, Funabe et al. teach wherein the encryption/decryption means performs the 
decrj^ting process on encrj^ted data and then sending said data to a terminal having no 
encrypting capability when the encryption apparatus receives said encrypted data form another 
terminal having an encrypting capability and retransmits said data to the terminal having no 
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encrypting capability, and performs the encrypting process on non-encrypted data and then 
sending said data to a terminal having an encrypting capability when the encryption apparatus 
receives said non-encrypted data form another terminal having no encrypting capability and 
retransmits said data to the terminal having the encrypting capability (col. 6, lines 29-61 and col. 

7, lines 4-30). 

III. Claims 9-1 1 are rejected under 35 U.S.C. 103(a) as being unpatentable over Funabe et al, 
US Patent No. 6,016,350 and Droge, US Patent No. 7,076,651 as applied to claims 1, 3, and 5 
above, and further in view of Ellington et al., US Patent No. 6,708,218. 

As per claims 9-11: 

Funabe et al. and Droge substantially teach the apparatus/method of claims 1,3, and 5. 
Not explicitly disclosed is wherein the bridge means is an IP-Sec bridge and data transmission 
processes are carried out in layers lower than the network layer. However, Ellington et al. teach 
the use of IP-Sec packet filtering which utilizes functionality in the data link layer to determine 
what type of processing is required for the received frame and shifts what is normally processed 
on the network layer onto the data link layer (col. 7, lines 31-45). Therefore, it would have been 
obvious to a person in the art at the time the invention was made to modify the method disclosed 
in Funabe et al. and Droge for the bridge means to be an IP-Sec bridge and for the routing 
processing to be shifted from the network layer (layer 3) to the data link layer (layer 2). This 
modification would have been obvious because a person having ordinary skill in the art, at the 
time the invention was made, would have been motivated to do so since Ellington et al. suggest 
using an IP-Sec bridge and shifting the routing processing fi-om the network layer to a lower 
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layer, such as the data link layer, significantly enhances system performance in col. 7, lines 41- 
45. 



*References Cited, Not Used 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

1. US Patent No. 6,640,248 

2. US Patent No. 6,490,273 

3. US Pub. No. 2003/0106067 

The above references have been cited because they are relevant due to the manner in which the 
invention has been claimed. 



Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated fi-om the mailing date of the advisory action. In no event, 
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however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nadia Khoshnoodi whose telephone number is (571) 272-3825. 
The examiner can normally be reached on M-F: 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

/Nadia BChoshnoodi/ 
Examiner, Art Unit 2437 
4/7/2009 

NK 

/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 



